Event Correlation

Info

Simple Event Correlator (SEC) is a tool used to correlate logs using “rules”. Rules are patterns that are matched against the given logs. The tool is written in Perl, and the source code comes pre-compiled (ready to run).

LAB Overview

We will be working on the following topics related to this lab:

  • SEC will be installed on Debian

  • Unpacking and checking SEC command options

  • Writing a SEC rule for single-line matching and checking it against simple lines

  • Working on SEC actions

  • Writing rules using thresholds

  • Writing SingleWithScript rules

  • Advanced rule writing

  • MODE: SINGLEPLAYER
  • TYPE: CCL
  • DIFFICULTY: INTERMEDIATE
  • TIME: 90 MINUTES
  • COST: 10 CRYSTALS